The Base Filtering Engine (BFE) service is a crucial network component targeted by many malware. If the BFE service doesn’t start, many services, such as Windows Firewall, Routing, Remote Access, and others, fail to start.
Should the BFE service be missing from the Services MMC, or if the Action Center warns you that the Windows Firewall isn’t enabled, your system is likely under malware attack. Have it checked thoroughly using a reputed anti-malware tool, or you may seek professional help to eliminate malware. Trying to repair these services when malware is on board your system isn’t going to help in most cases.
This post assumes that you’ve done a malware cleanup and want to know how to fix the services such as BFE, Windows Firewall, etc.
The first (and probably the only) thing most of us do to reinstate the Base Filtering Engine Service is to import the service registry keys from a similar computer, which is a correct step. But this only enlists the service in the Services MMC, but the required service Permissions aren’t assigned automatically. Due to missing special permissions for the BFE service, the following errors occur when you try to turn on the BFE or Windows Firewall.
Some of the error messages you may see:
Action Center can’t turn on Windows Firewall
Turning it on via the Windows Firewall applet may show up an error saying Windows Firewall can’t change some of your settings. Error code 0x80070433 or 0x8007042c.
Services MMC: Windows could not start the Windows Firewall service on Local Computer. Error 1075: The dependency service does not exist or has been marked for deletion.
Services MMC: Windows could not start the Base Filtering Engine service on Local Computer. Error 5: Access is denied.
This is recorded in the System event log as well:
Log Name: System Source: Service Control Manager Date: 1/9/2020 8:21:25 AM Event ID: 7023 Task Category: None Level: Error Keywords: Classic User: N/A Computer: W10-PC Description: The BFE service terminated with the following error: Access is denied.
Resolution: Repair Base Filtering Engine Service
Step 1: Fix the BFE Service Registry Keys
First, create a Restore Point, and then restore the BFE service registry entries by downloading the appropriate .zip for your version of Windows:
BFE for Windows 7 | BFE for Windows 8 | BFE for Windows 10 | BFE for Windows 11
Unzip and run the enclosed .reg file. This registers the BFE service back.
Step 2: Fix the BFE registry permissions
Can’t access the BFE Registry key? Take Ownership.
If you aren’t able to open the BFE service registry key or change its Permissions as suggested in Step 2, then you may need to take ownership of the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
and (only if necessary), in this key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy
For more information about changing ownership of a registry key, see the article Take ownership of a registry key. Once done, applying the correct permissions for the Base Filtering Service registry key should be pretty straightforward.
The next step is to fix the BFE service permissions.
- Start
regedit.exeand go to the following registry path:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy
- Right-click
Policy, and click Permissions
It has some default permissions inherited from the parent key. By default, theSYSTEMandAdministratorsgroups have full control permission. But this isn’t enough to start BFE.
- Click on the Add button.
- In the Enter the object names to select: box, type
NT SERVICE\BFE, and click OK.
- BFE is added to the list of Group or user names. We need to give it special permissions. Click Advanced
- Select BFE, and click the Edit button.
- In the Permission Entry dialog, enable or Allow the following Permissions for BFE:
- Query Value
- Set Value
- Create Subkey
- Enumerate Subkeys
- Notify
- Read Control (this is added by default when you added BFE)
- After adding the above (six) Permissions, click OK.
- You’ll be back at the Advanced Security Settings dialog now. Select BFE, click Replace all child object permissions with inheritable permissions from this object, and click OK.
- You’ll be back at the standard permissions dialog. Simply click OK and close the dialog.
- Restart Windows, and then launch the Services MMC (
services.msc) - Double-click Base Filtering Engine and check its status. If the permissions are correct and no malware is on-board, the Base Filtering Engine service should show the status Started.
Step 3: Check the Security Descriptors
Still no dice..? If the above steps fail to resolve the issue, resetting the BFE service permissions or security descriptors should do the trick.
- Open an elevated or admin Command Prompt.
- Type in the following command:
[Windows 7 and Windows 8] SC SDSET BFE D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU) [Windows 10] SC SDSET BFE D:(A;;CCLCLORC;;;AU)(A;;CCDCLCSWRPLORCWDWO;;;SY)(A;;CCLCSWRPLORCWDWO;;;BA)(A;;CCLCLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD) [Windows 11] SC SDSET BFE D:(A;;CCLCLORC;;;AU)(A;;CCDCLCSWRPLORCWDWO;;;SY)(A;;CCLCSWRPLORCWDWO;;;BA)(A;;CCLCLO;;;BU)
Make sure there are no spaces in the Security Descriptor string. It should be like this:
SC <SPACE> SDSET <SPACE> <SECURITYDESCRIPTOR>
- Check out this article for background information on service Security Descriptors (SDDL).
And you should see the message SetServiceObjectSecurity SUCCESS. Restart Windows once again.
Instead, if you get the error SetServiceObjectSecurity FAILED 5: Access is denied, then the registry key permissions or the service permissions are wrong somewhere. In that case, re-run all the steps above in Safe Mode and verify the permission entries. It should work eventually!
One small request: If you liked this post, please share this?
One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!
This solution does not solved my issue
Thank you – BFE is now working on my PC 🙂
should read:
SC SDSET BFE D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)
Worked like magic… many many thanks
This one helped me, while somehow auslogicsboostspeed and ccleaner ____Up my system.
The thing now is i cant delete BFE on Security Group or User Names on registry because before there was not there…
I ran the registry program listed here, and it changed my error reading to a 1083, the solution on this website to which doesn’t work
@Tristan: These articles should help. Fix for Base Filtering Engine (BFE) Service Error 1083 & Error 1083 “The executable program that this service is configured to run in does not implement the service”
Was able to solve Base Filtering Engine (BFE) in “Safe Mode”.
I am running windows programs on Ubuntu using Wine. When I try to run them, it shous the error “Base Filtering Engine Windows Service is missing”.
Can anyone please suggest me the trouble shooting steps?
The OS I’m using currently on my laptop is Ubuntu.
many thanks ,problem solved
i have been search and do some tutorial in another site, all cant work. and this one amazingly WORK
Thank you!!
drive.google.com/file/d/13dqCO7iR8uED3GHRhFFAIgPEUsflxnvW/view?usp=sharing
use this tool (Tweaking.com-RepairWindowsFirewall.exe) to fix
Hello I’m dutch and a noob with computers. So sorry about my bad English. BFE is not running (it says automatic) and i can’t solve the problem. It’s Windows 10 home and when I try step 3 I get this:
At line:1 char:18
+ SC SDSET BFE D:(A;;CCLCLORC;;;AU)(A;;CCDCLCSWRPLORCWDWO;;;SY)(A;;CCLC …
+ ~
Missing closing ‘)’ in expression.
At line:1 char:33
+ SC SDSET BFE D:(A;;CCLCLORC;;;AU)(A;;CCDCLCSWRPLORCWDWO;;;SY)(A;;CCLC …
+ ~
Unexpected token ‘)’ in expression or statement.
At line:1 char:36
+ SC SDSET BFE D:(A;;CCLCLORC;;;AU)(A;;CCDCLCSWRPLORCWDWO;;;SY)(A;;CCLC …
+ ~
Missing closing ‘)’ in expression.
At line:1 char:61
+ SC SDSET BFE D:(A;;CCLCLORC;;;AU)(A;;CCDCLCSWRPLORCWDWO;;;SY)(A;;CCLC …
+ ~
Unexpected token ‘)’ in expression or statement.
At line:1 char:64
+ … SDSET BFE D:(A;;CCLCLORC;;;AU)(A;;CCDCLCSWRPLORCWDWO;;;SY)(A;;CCLCSW …
+ ~
Missing closing ‘)’ in expression.
At line:1 char:87
+ … C;;;AU)(A;;CCDCLCSWRPLORCWDWO;;;SY)(A;;CCLCSWRPLORCWDWO;;;BA)(A;;CCLC …
+ ~
Unexpected token ‘)’ in expression or statement.
At line:1 char:90
+ … ;;AU)(A;;CCDCLCSWRPLORCWDWO;;;SY)(A;;CCLCSWRPLORCWDWO;;;BA)(A;;CCLCLO …
+ ~
Missing closing ‘)’ in expression.
At line:1 char:103
+ … CSWRPLORCWDWO;;;SY)(A;;CCLCSWRPLORCWDWO;;;BA)(A;;CCLCLO;;;BU)S:(AU;FA …
+ ~
Unexpected token ‘)’ in expression or statement.
At line:1 char:109
+ … LORCWDWO;;;SY)(A;;CCLCSWRPLORCWDWO;;;BA)(A;;CCLCLO;;;BU)S:(AU;FA;CCDC …
+ ~
Missing closing ‘)’ in expression.
At line:1 char:142
+ … LORCWDWO;;;BA)(A;;CCLCLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD)
+ ~
Unexpected token ‘)’ in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MissingEndParenthesisInExpression
And I am sure that I didn’t make a mistake by typing.
Can b
somebody tell me what I am doing wrong?
It’s caused by line breaks. Please make sure that you copy the command and run it exactly as a single-line command.
Worked for me! Thanks 🙂
No cmnts 😀 ………….Im speechless. Its a kind of Magic ….. 110% worked for me
Finally… thanks a lot!
after doing the steps bfe service is now running in my computer but my windows defender fire wall is switching between starting and running and i can’t change it help please
Thank you! This fixed my windows firewall and while troubleshooting found out the BFE service is not turning on!
Thanks!! It worked
Thanks you very much !! It worked for me too 🙂
P.S.: Like others users, I have been search and do some tutorials in anothers sites, all can’t work. and this one amazingly WORK !